Mahmoud Hamed
@7odamoo
Followers
3,490
Following
513
Media
129
Statuses
1,057
Explore trending content on Musk Viewer
#ROSÉ_BRUNO_APT
• 360034 Tweets
Wizkid
• 342932 Tweets
APT OUT NOW
• 249735 Tweets
Al Smith
• 169541 Tweets
Corinthians
• 133234 Tweets
Flamengo
• 133160 Tweets
Ruto
• 120844 Tweets
علي النبي
• 51856 Tweets
NUNEW DEBUT IN JAPAN
• 42933 Tweets
SB19 PIAYA NG MAYKAPAL
• 38755 Tweets
Lakers
• 35380 Tweets
Hayırlı Cumalar
• 30032 Tweets
安倍氏の女装
• 28498 Tweets
対象作品
• 23560 Tweets
超電ブレイカー
• 23264 Tweets
Dalton Knecht
• 22908 Tweets
ミミッキュ
• 14496 Tweets
集英社秋マンガチャ開催
• 13575 Tweets
Kindiki
• 13440 Tweets
IN2IT X BEAUTRIUM WITH PPV
• 11612 Tweets
フラワー
• 10943 Tweets
#جمعه_مباركه
• 10926 Tweets
ちゃんのライブ
• 10070 Tweets
Sometimes 404 Not Found hides something :)
1. Found 404 subdomain.
2. Do bruteforce with FFUF and find 200 OK endpoint.
3. Do parameter fuzzing with Arjun.
4. That parameter with vulnerable to XSS.
21
83
434
1. Found Contact Us form.
2. Injection of special characters was not allowed.
3. The validation was UI Validation.
4. Injected BXSS payload via Burp.
16
35
256
My writeup about turning Self-XSS into Good-XSS
9
70
221
see you next week when the customer marks them all as duplicates 🤡
11
2
159
Found phpLDAPadmin Endpoint ?
Try to login as an anonymous user, You will see what the admin can see (Schema for My LDAP Server)
Credit
@0x_rood
#bugbountytips
#BugBounty
1- use ffuf in subdomain
2- /phpldapadmin/ -> 200 ok
3- admin login page
4- try to access admin panel
5- see check box (anonymous login)
6- access with anonymous and read privileges
7- triaged report with high severity 😎
#bugbountytips
#BugBounty
12
93
325
1
30
94
In February, I submitted 10 vulnerabilities to 5 programs on
@Hacker0x01
.
This month was crazy as I got a cold twice. I was very sick and I stayed in the bed doing nothing for almost 2 weeks. But luckily I managed to get some bounties
#TogetherWeHitHarder
10
2
87
I have a possible DOM XSS but it's unexploitable due unsafe:javascript seems it's because of DomSanitizer in Angular. Does anyone know a bypass for this?
9
10
84
I found about 52 XSS in one subdomain with different endpoints and different parameters.
I got triaged for the first one and the rest become duplicates for my first one :)
I felt the company is thinking like, We will make this f**king subdomain down😂
11
2
83
Got duplicate >> Wait until the original report got resolved and then bypass it👀
4
1
75
I am not an easy competitor💀
3
0
30
7
0
66
2 weeks ago I got a duplicate on a report, and then 3 days ago I found that the original report got resolved. I found a bypass to it and I reported the bypass.
Why could such a team mark a report as 'resolved' when it's still being mitigated and tracked internally?🤔
12
0
60
8 months time to bounty - I almost forgot that I submitted this report :)
5
2
60
Worked with
@sazouki_
to uncover a Stored XSS on
@Hacker0x01
, Can't wait to tackle more challenges together 🔥
6
4
41
If I have a Self Stored XSS in profile via "Name" parameter but the URL of the the profile is constant for all users like:
Any idea to get an impact out of this self xss? 🤔
15
4
33
What do you do when your XSSHunter alert in some admin panel but you can't remember where did you inject your XSS Payload ?
6
3
32
I've submitted several bugs to them in 3rd parties they use and It was not mentioned on their policy page that they don't pay for 3rd parties :)
Now I am asking you guys about your opinion ...
"Why do you think that many companies don't pay for the 3rd parties they use?"
5
1
33
This was one of the most enjoyable times I have done a collaboration, And we will surely continue to collaborate together in the future to find many tricky bugs🐞
2
0
27
Guys, which tool do you use to extract URLs through Dorking in search engines like Bing, Yahoo, Yandex, and DuckDuckGo?
I have tried various tools, but none of them seem to work.
4
1
22
Hi it's me "7odamo"
Two months ago, I began to feel burned out I thought I could solve the problem by changing the platform that I used to work on. But my condition got worse, and after many attempts, I reached a severe stage of depression....
10
0
20
Since Bugcrowd notifies me about the resolved reports, I often get duplicates when submitting a bypass. This happens because all researchers receive the same notification and send the bypasses before me. This is why I like H1, I rarely get duplicates on the bypasses.
1
0
18
@s3cur3_1337
Good question!
Usually, I don't like to work on huge scopes as I am not good at recon. so that target has about 30 live subdomains, and only one of them was giving 404, Isn't it interesting to dig more into that subdomain?
0
0
18
@HackerOn2Wheels
@opensea
A hacker finds a critical web vulnerability in billion dollar companies and have two options. Exploit two or three users and make millions of dollars, or report to their
#bugbounty
and get +7 reputation. I wonder what most will choose… 🤡🤡
1
0
16
My friend
@3bodymo_
made a Web Application and asked me and my friends to do pentest on it, And yeah, I got 30 EGP which is about 1.5 Dollars as a bounty for finding Crtical Bug there.
Thank you sir for the bounty 😂♥️♥️
Bug type : business logic
#BugBounty
0
1
14
If the subdomain is not listed in-scope then it's OOS, Even if the subdomain isn't in the OOS section :)
If you found a bug on a subdomain that is not listed on both in-scope/out-of-scope subdomains, would you report it or not?
1
0
4
1
0
13
It was an amazing experience, Thank you so much for your help
@jobertabma
!
I wanted to share my article about how I used AI to report multiple reports to
@Hacker0x01
.
We're grateful to
@jobertabma
for his help in resolving the bounty case, and as a result, me and
@7odamo_
were finally rewarded for all the reports we submitted.
7
17
101
2
1
15
@remonsec
oh, you are the real remonsec😍
I started It manually then I get 2 bugs there
after that I used google dorking to look for similar subdomains in the same county which use the same technology and have the same parameters
after that I test on those subdomains, get the rest of bugs
2
0
11
@RahmatQurishi
@Bugcrowd
congratulations bro 💖
btw I never thought to test Idors in the response 😂
2
0
10
@errorrsec
I got lots of positive energy from the Twitter infosec community so sharing tips/writeups is like thanking them for that🙏🤍
1
0
11
What do you do if you find a bug, but when you begin to write a report about it, you find that it fixed
2
0
10
@leetibrahim
او الي تكون تغريداته علي هذا الشكل
yay I got awarded $20000
tip:
work hard
و يحطلك هاشتاق
bugbounty و bugbountytips
😂😂😂
2
0
8
XSS in the same subdomain with different endpoint and same "parameter name" but each parameter has different filter so the payload for each parameter is different, Should those two XSS be reported on one or two reports
One Report
23
Two Reports
57
Show the Results
16
3
1
8
@mahfujwhh
@Hacker0x01
congratulations, next time keep it and chain it with other bugs to make it at least high severity
2
0
8
@RahmatQurishi
You are an elite hacker, and understanding that being demotivated is a part of this game will make things better, just keep your mental health well and keep yourself around good people❤️
1
0
7
2
1
7
A guy with '2' reputation and he received 3 bounties or more (as he has an impact)
The lesson: Never give up guys 😂
0
0
6
THE GODFATHER IS BACK 🤩💥💥
I back with new account same username handle
@GodfatherOrwa
So all who know me you can follow me again 😂
And from today
A lot of
#bugbountytips
#bugbountytip
And lts get back and make it rain P1s✌️
55
41
287
0
0
6
@AliHassanKhan_
@mahfujwhh
@Hacker0x01
Not all programs do so, I submit this bug + XSS + misconfigured CSRF + CORS misconfiguration= 1-Click ATO = High
0
0
5
@bugbounty_memes
- Report submit
- Pending program review
- Informative
- Pending program review
- Informative
- Pending program review
- Informative
0
0
5
@ibrahimatix0x01
@bug_vs_me
@kassem_S94
@Hacker0x01
bro I am finding this out, what goes around this type of bug 😂💔
0
0
6
So I decided to quit the field and try to treat myself. Two months have passed since I struggled with depression. I am now in a better condition I miss you all guys it's been a long break but missed to be in contact with the community
1
0
6
Hey
@errorrsec
I will be back to H1 program watch your steps then😁
And for you
@bug_vs_me
we want to collab on some cool CSP/WAF bypasses it go crazy when we do DOM XSS togther😃
@sazouki_
may we find another cool Stored XSS like what we found before but with higher bounty😆
3
0
5
@007_isnuoT
@Sazouki_
@Hacker0x01
wtf, never expect it would be accepted on any program rather than being rewarded too,At first I thought your screenshot is a joke 🤣🤣
2
0
5
@ibrahimatix0x01
@AkashHamal0x01
try to play with settings
- try to change email for Abc
@gmail
.com and see what happens to both accounts
- maybe after changing your email, request password reset link and don't open it until you return you email to Abc
@gmail
.com again
3
0
5
@ibrahimatix0x01
He came through a lot of reports for a lot of bug hunters.
Most probably he was hard-working person 😂
1
0
5
when you found a bug on a new program on h1 that has < 10 triage report, then you will get:
+17 reputation
+10 impact
will you get more points when the program gets more than 10 rewarded reports?
I mean whom get 17 reputations for critical bug will get another 40 points later?
1
0
5
@bug_vs_me
@Sazouki_
@Hacker0x01
Thanks bro :D
I'd be happy to share the details of the bypass/bug in a write-up once the bug is fixed and I get permission to share it. But what I can tell right now is that the filter was designed to block certain words like "alert", "onerror", "document.ANY", etc..
0
0
4
If you found a bug on a subdomain that is not listed on both in-scope/out-of-scope subdomains, would you report it or not?
Yes I would report it
37
No I wouldn't report it
12
View results
18
1
0
4